Just under half of UK companies do not know how many security breaches they have experienced in the past year, according to research by accountancy firm PricewaterhouseCoopers.

By contrast, in China only seven percent of firms have no idea how many times they have been hacked or suffered a security breach in the past 12 months.

"The concern is, if you don't have a concrete view of how many security incidents you've had, how can you make informed choices around budgets and prioritisation of resources?" William Beer, PricewaterhouseCoopers (PwC) director of assurance, told ZDNet UK on Thursday.

Beer said that while most UK companies keep logs of intrusion into their system, many do not then look at those logs.

In addition, six out of 10 UK companies do not know where customer data is being held and transmitted, according to a survey undertaken by PwC.

"Clients are struggling with that in the UK," said Beer. "Government clients have certain obligations to fulfil, but we've seen instances of government organisations falling foul of the law."

The problem often lies with third party providers, said Beer. UK data protection law stipulates that sensitive customer data may not normally be stored outside the EU. However, many of the large cloud providers are based in the US, meaning that data can accidentally be sent to the wrong jurisdiction.

Beer recommended that businesses use data-tagging or tokenisation of sensitive data destined for the cloud, so that information will not unintentionally go astray.

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha...
Full Bio